Search Results (2030 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-9898 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Thunderbird and 6 more 2025-11-25 N/A
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
CVE-2016-9899 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Thunderbird and 6 more 2025-11-25 N/A
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
CVE-2014-1508 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-11-25 9.1 Critical
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering.
CVE-2016-9904 3 Debian, Mozilla, Redhat 7 Debian Linux, Firefox, Thunderbird and 4 more 2025-11-25 N/A
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
CVE-2014-1509 5 Canonical, Mozilla, Opensuse and 2 more 16 Ubuntu Linux, Firefox, Seamonkey and 13 more 2025-11-25 8.8 High
Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document.
CVE-2014-1505 7 Canonical, Debian, Mozilla and 4 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-11-25 7.5 High
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.
CVE-2014-1510 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-11-25 9.8 Critical
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.
CVE-2017-7751 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Thunderbird and 6 more 2025-11-25 N/A
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
CVE-2014-1487 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2025-11-25 7.5 High
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.
CVE-2013-5609 6 Canonical, Fedoraproject, Mozilla and 3 more 17 Ubuntu Linux, Fedora, Firefox and 14 more 2025-11-25 9.8 Critical
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-1493 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-11-25 9.8 Critical
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-1497 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-11-25 8.8 High
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file.
CVE-2014-1511 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-11-25 9.8 Critical
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
CVE-2013-5616 6 Canonical, Fedoraproject, Mozilla and 3 more 17 Ubuntu Linux, Fedora, Firefox and 14 more 2025-11-25 9.8 Critical
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
CVE-2014-1477 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2025-11-25 9.8 Critical
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-5618 6 Canonical, Fedoraproject, Mozilla and 3 more 17 Ubuntu Linux, Fedora, Firefox and 14 more 2025-11-25 9.8 Critical
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.
CVE-2014-1479 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2025-11-25 7.5 High
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.
CVE-2017-7798 3 Debian, Mozilla, Redhat 8 Debian Linux, Firefox, Enterprise Linux and 5 more 2025-11-25 N/A
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.
CVE-2014-1481 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2025-11-25 7.5 High
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.
CVE-2014-1482 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2025-11-25 8.8 High
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.